<?php
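// Handle the "add banner" form: store the submitted banner markup as a new row.
// NOTE(review): no authentication check, request-method check or anti-CSRF token
// is visible in this file; confirm the including admin page enforces all three
// before this state-changing branch can run.
if (!empty($_REQUEST['add'])) {
	$rawcode = isset($_REQUEST['code']) ? $_REQUEST['code'] : '';
	// Decode entities FIRST and escape LAST. The previous order (escape, then
	// html_entity_decode) could turn entity-encoded input back into quote or
	// backslash characters after escaping, so the value placed in the SQL
	// literal was no longer guaranteed to be escaped.
	// escapestr() is presumably the project's SQL string-escaping helper — confirm.
	$newcode = escapestr(html_entity_decode($rawcode));
	// NOTE(review): the mysql_* extension was removed in PHP 7; a prepared
	// statement (mysqli/PDO) would remove the need for manual escaping here.
	$query = " INSERT INTO `banners` (`code`) values ('$newcode') ";
	$result = mysql_query($query);
	if ($result) {
		$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_banner"),GetLangString($lang,"msg_banneradded"));
	} else {
		$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_dberror"));
	}
}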
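// Handle the "edit banner" form: overwrite the markup of the banner row named by `id`.
// NOTE(review): no authentication check, request-method check or anti-CSRF token
// is visible in this file; confirm the including admin page enforces all three
// before this state-changing branch can run.
if (!empty($_REQUEST['edit'])) {
	$rawcode = isset($_REQUEST['code']) ? $_REQUEST['code'] : '';
	$rawid = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';
	// Decode entities FIRST and escape LAST. The previous order (escape, then
	// html_entity_decode) could turn entity-encoded input back into quote or
	// backslash characters after escaping; in this statement that would also
	// affect how the following `id` comparison is parsed.
	// escapestr() is presumably the project's SQL string-escaping helper — confirm.
	$newcode = escapestr(html_entity_decode($rawcode));
	$bannerid = escapestr($rawid);
	// NOTE(review): the mysql_* extension was removed in PHP 7; a prepared
	// statement (mysqli/PDO) would remove the need for manual escaping here.
	$query = " UPDATE `banners`  set `code`='$newcode' where `id`='$bannerid' ";
	$result = mysql_query($query);
	if ($result) {
		$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_banner"),GetLangString($lang,"msg_bannerupdated"));
	} else {
		$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_dberror"));
	}
}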
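// Handle a delete request: remove the banner row whose id is passed in `delete`.
// !empty() keeps the original truthiness test but avoids an undefined-index
// notice on every page load that carries no `delete` parameter.
// NOTE(review): this destructive action is reachable through a plain link
// (GET) and no anti-CSRF token or authentication check is visible in this
// file. Deletion should require POST plus a per-session token; confirm what
// the including admin page enforces.
if (!empty($_REQUEST['delete'])) {
	// escapestr() is presumably the project's SQL string-escaping helper — confirm.
	// The value is only safe because it stays inside the quoted literal below.
	$bannerid = escapestr($_REQUEST['delete']);
	$query = " delete from `banners` where `id`='$bannerid'";
	$result = mysql_query($query);
	if ($result) {
		$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_banner"),GetLangString($lang,"msg_bannerdeleted"));
	} else {
		$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_dberror"));
	}
}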
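// List every banner: a delete link, a live preview of the stored markup, and
// an edit form pre-filled with that markup.
$query = "select * from `banners`";
$result = mysql_query($query);
// mysql_query() returns false on failure; skip the loop instead of passing
// false to mysql_fetch_array().
while ($result && ($banner = mysql_fetch_array($result))) {
	// The id is written into a URL and into an HTML attribute, so encode it for
	// each context rather than trusting the stored value. For plain integer ids
	// the output is unchanged.
	$idForUrl = urlencode($banner['id']);
	$idForAttr = htmlspecialchars($banner['id'], ENT_QUOTES);
	// NOTE(review): $banner['code'] is emitted unescaped below so the banner
	// renders as a preview. Any script stored in the table therefore runs in
	// the administrator's session; confirm that only trusted admins can write
	// to `banners`, or render the preview in a sandboxed frame.
	$SITE_MIDDLE .= FormatSmallElement( 
		"<a href=\"index.php?do=admin&admindo=banner&delete=".$idForUrl."\">".GetLangString($lang,"txt_delete")."</a>",
		"<table width='100%'><tr><td width='50%' valign='top'> ".
		$banner['code'] . "</td><td width='50%' valign='top'> ".
		"<form method='post' action='index.php?do=admin&admindo=banner'>
		<textarea name='code' rows=10> ". htmlentities ($banner['code']) . 
		"</textarea><input type='hidden' name='id' value='".$idForAttr."'>
		<input type='submit' value='".GetLangString($lang, 'txt_edit')."' name='edit'>
		</form></td></tr></table>") ;

}		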

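// Empty "add banner" form appended after the list.
// The textarea used to be filled from $banner['code'], but at this point
// $banner is the false value that ended the listing loop, so the expression
// always produced an empty string (and an array-offset notice on newer PHP).
// The emitted HTML is unchanged.
// NOTE(review): the closing </td></tr></table> has no matching opening tags in
// this file — confirm whether the surrounding layout relies on it.
// NOTE(review): the form carries no anti-CSRF token.
$SITE_MIDDLE .= 
		"<form method='post' action='index.php?do=admin&admindo=banner'>
		<textarea name='code' rows=10> </textarea>
		<input type='submit' value='".GetLangString($lang, 'txt_add')."' name='add'>
		</form></td></tr></table>" ;	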
?>